HIPL

Merge lp:~rene-hummen/hipl/midauth-hipd into lp:hipl

  1. midauth-hipd
  2. Merge into trunk
Proposed by René Hummen
Status: Merged
Approved by: René Hummen
Approved revision: 6095
Merged at revision: 6046
Proposed branch: lp:~rene-hummen/hipl/midauth-hipd
Merge into: lp:hipl
Diff against target: 1713 lines (+1157/-250)
21 files modified
.bzrignore (+1/-0)
Makefile.am (+20/-5)
firewall/midauth.h (+2/-1)
hipd/hipd.c (+2/-47)
hipd/hipd.h (+3/-0)
hipd/main.c (+84/-0)
hipd/output.c (+0/-10)
lib/core/builder.c (+8/-93)
lib/core/builder.h (+0/-10)
lib/core/protodefs.h (+0/-23)
lib/core/solve.c (+1/-57)
lib/core/solve.h (+1/-4)
modules/midauth/hipd/midauth.c (+229/-0)
modules/midauth/hipd/midauth.h (+34/-0)
modules/midauth/lib/midauth_builder.c (+181/-0)
modules/midauth/lib/midauth_builder.h (+79/-0)
modules/midauth/module_info.xml (+47/-0)
test/check_modules_midauth.c (+46/-0)
test/modules/midauth/hipd/midauth.c (+120/-0)
test/modules/midauth/lib/midauth_builder.c (+265/-0)
test/modules/midauth/test_suites.h (+34/-0)
To merge this branch: bzr merge lp:~rene-hummen/hipl/midauth-hipd
Reviewer Review Type Date Requested Status
Diego Biurrun Needs Fixing
Stefan Götz Pending
Christof Mroz Pending
Review via email: mp+70736@code.launchpad.net

This proposal supersedes a proposal from 2011-07-19.

Description of the change

I have added unit tests and applied the feedback of the previous merge proposal. I will merge the code tomorrow afternoon if I do not receive further feedback. Please indicate your approval of the code by then.

To post a comment you must log in.
Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

 review needs-fixing

review: Needs Fixing
Revision history for this message
Christof Mroz (christof-mroz) wrote : Posted in a previous version of this proposal

Aside from Diego's comment's, it looks good to me. Minor point:

> + static const size_t min_length = sizeof(*request)
> + - sizeof(request->tlv)
> + - sizeof(request->opaque);

This exact same computation is used in other functions, so it could be refactored into a global... But OTOH this is unlikely to change anyway.

More ideally, a separate branch could rewrite all HIPL structures to utilize zero-length arrays (a C99 feature AFAIK), which would lead to a simpler length calculations and more flexibility when working with preallocated packet buffers (by not fixing their length in the struct itself).
This was already briefly discussed on the list before though.

review: Approve
Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

On 23.07.2011, at 00:59, Christof Mroz wrote:
> Review: Approve
> Aside from Diego's comment's, it looks good to me. Minor point:
>
>> + static const size_t min_length = sizeof(*request)
>> + - sizeof(request->tlv)
>> + - sizeof(request->opaque);
>
> This exact same computation is used in other functions, so it could be refactored into a global... But OTOH this is unlikely to change anyway.

This code is just repeated once for request and response respectively. I'm leaving it as it is.

René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

Diego, I have addressed the issues that you mentioned. Can you please approve the merge or give further feedback.

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Mon, Jul 25, 2011 at 09:06:20AM +0000, René Hummen wrote:
> Diego, I have addressed the issues that you mentioned.

Where? I have not seen any commits from you nor an updated merge
proposal...

Diego

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal
Download full text (3.5 KiB)

 review needs-fixing

On Tue, Jul 19, 2011 at 05:18:19PM +0000, René Hummen wrote:
> René Hummen has proposed merging lp:~rene-hummen/hipl/midauth-hipd into lp:hipl.
>
> --- modules/midauth/hipd/midauth.c 1970-01-01 00:00:00 +0000
> +++ modules/midauth/hipd/midauth.c 2011-07-19 17:18:04 +0000
> @@ -0,0 +1,257 @@
> +
> +#include <errno.h>
> +#include <string.h>

You should add stdint.h for the POSIX integer types you use.

> +/**
> + * Handle the CHALLENGE_REQUEST parameter.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param ctx Pointer to the packet context, containing all information for
> + * the packet handling (received message, source and destination
> + * address, the ports and the corresponding entry from the host
> + * association database).

nit: The one-space indentation for the description block looks weird.

more below

> +int hip_midauth_init(void)
> +{
> + int err = 0;
> +
> + HIP_IFEL(lmod_register_parameter_type(HIP_PARAM_CHALLENGE_REQUEST,
> + "HIP_PARAM_CHALLENGE_REQUEST"),
> + -1, "failed to register parameter type\n");
> + HIP_IFEL(lmod_register_parameter_type(HIP_PARAM_CHALLENGE_RESPONSE,
> + "HIP_PARAM_CHALLENGE_RESPONSE"),
> + -1, "failed to register parameter type\n");
> +
> + HIP_IFEL(hip_register_handle_function(HIP_UPDATE,
> + HIP_STATE_R2_SENT,
> + &hip_add_host_id_param_update,
> + 20750),
> + -1, "Error on registering MIDAUTH handle function.\n");
> + HIP_IFEL(hip_register_handle_function(HIP_UPDATE,
> + HIP_STATE_ESTABLISHED,
> + &hip_add_host_id_param_update,
> + 20750),
> + -1, "Error on registering MIDAUTH handle function.\n");
> +
> +out_err:
> + return err;
> +}

HIP_IFEL abuse

> --- modules/midauth/lib/midauth_builder.c 1970-01-01 00:00:00 +0000
> +++ modules/midauth/lib/midauth_builder.c 2011-07-19 17:18:04 +0000
> @@ -0,0 +1,199 @@
> +
> +#include <string.h>

stdint.h

> + static const size_t min_length = sizeof(*request)
> + - sizeof(request->tlv)
> + - sizeof(request->opaque);
> +
> +
> + static const size_t min_length = sizeof(response)
> + - sizeof(response.tlv)
> + - sizeof(response.opaque);

nit: These would IMO look slightly more readable with the '-' at the
end of the line.

> + /* note: the length cannot be calculated with calc_param_len() */
> + hip_set_param_contents_len(&response.tlv, min_length + opaque_len);
> + hip_set_param_type(&response.tlv, HIP_PARAM_CHALLENGE_RESPONSE);
> +
> + memcpy(response.J, val_J, PUZZLE_LENGTH);
> + response.K = request->K;
> + response.lifetime = req...

Read more...

review: Needs Fixing
Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal
Download full text (11.2 KiB)

Hi Rene!

> 4) There are no unit-tests for the hipd-related functionality as of now.
> However, we have tested the code extensively in three demos and I will add the
> tests at a later point in time.

Sorry, but I'm skeptical :-) As per our current policy, I cannot approve this without unit tests.

> === modified file 'firewall/midauth.h'
> === modified file 'lib/core/solve.c'
> === modified file 'lib/core/solve.h'

Please don't forget to update the Copyright dates when you modify files with
Copyright headers. Scatterbrains like myself may want to try out the pre-commit
hook in https://code.launchpad.net/~stefan.goetz/hipl/commitguard that
automatically checks for that.

> === added file 'modules/midauth/Makefile.am'

This file lacks a copyright statement.

> === added file 'modules/midauth/hipd/midauth.c'
> +/**
> + * Handle the CHALLENGE_REQUEST parameter.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param ctx Pointer to the packet context, containing all information for
> + * the packet handling (received message, source and destination
> + * address, the ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero if the challenge was processed correctly or no challenge was
> + * attached to the packet, negative value otherwise

So it is not an error for a CHALLENGE_REQUEST parameter to be present but an actual challenge to be missing at the same time? Sounds like a protocol violation to me, though I haven't checked the RFC.

> +static int handle_challenge_request_param(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)

[M] policy: please ensure full const correctness for the 'ctx' function argument

> +{
> + const struct hip_challenge_request *request = NULL;
> +
> + request = hip_get_param(ctx->input_msg, HIP_PARAM_CHALLENGE_REQUEST);
> + if (!request) {
> + return 0;
> + }
> + // each on-path middlebox may add a challenge on its own
> + do {

> + // process next challenge parameter, if available
> + request = (const struct hip_challenge_request *)
> + hip_get_next_param(ctx->input_msg, &request->tlv);
> + } while (request && hip_get_param_type(request) == HIP_PARAM_CHALLENGE_REQUEST);

[L] simplicity: the 'if' check for '!request' and its extra 'return' statement could be avoided if a 'while(){}' loop was used instead of the 'do {} while ()' loop. That would make the code more readable in my opinion.

> +/**
> + * Add a HOST_ID parameter corresponding to the local HIT of the association to
> + * an UPDATE packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param ctx Pointer to the packet context, containing all information for
> + * the packet handling (received message, source and destination
> + * address, the ...

review: Needs Fixing
Revision history for this message
Christof Mroz (christof-mroz) wrote : Posted in a previous version of this proposal

On Sat, 30 Jul 2011 17:01:37 +0200, Stefan Götz
<email address hidden> wrote:

>> +{
>> + const struct hip_challenge_request *request = NULL;
>> +
>> + request = hip_get_param(ctx->input_msg,
>> HIP_PARAM_CHALLENGE_REQUEST);
>> + if (!request) {
>> + return 0;
>> + }
>> + // each on-path middlebox may add a challenge on its own
>> + do {
>
>> + // process next challenge parameter, if available
>> + request = (const struct hip_challenge_request *)
>> + hip_get_next_param(ctx->input_msg, &request->tlv);
>> + } while (request && hip_get_param_type(request) ==
>> HIP_PARAM_CHALLENGE_REQUEST);
>
> [L] simplicity: the 'if' check for '!request' and its extra 'return'
> statement could be avoided if a 'while(){}' loop was used instead of the
> 'do {} while ()' loop. That would make the code more readable in my
> opinion.

Could you elaborate? I originally wrote it this way because of the
"asymmetry" between hip_get_param() and hip_get_next_param().

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal

> Could you elaborate? I originally wrote it this way because of the
> "asymmetry" between hip_get_param() and hip_get_next_param().

Something like:

request = hip_get_param(ctx->input_msg, HIP_PARAM_CHALLENGE_REQUEST);
while (request && hip_get_param_type(request) == HIP_PARAM_CHALLENGE_REQUEST) {
    [...]
    request = (const struct hip_challenge_request *)
              hip_get_next_param(ctx->input_msg, &request->tlv);
}

Perfectly valid, but less common would also be

for (request = hip_get_param(ctx->input_msg, HIP_PARAM_CHALLENGE_REQUEST); request && hip_get_param_type(request) == HIP_PARAM_CHALLENGE_REQUEST; request = (const struct hip_challenge_request *) hip_get_next_param(ctx->input_msg, &request->tlv)) {
    [...]
}

Stefan

Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Sat, Jul 30, 2011 at 03:01:37PM +0000, Stefan Götz wrote:
>
> > === added file 'modules/midauth/Makefile.am'
>
> This file lacks a copyright statement.

All subdirectory Makefile.am snippets do. It is part of the modularization
silliness. I have a patch pending that merges the snippets into the
top-level Makefile.am.

Diego

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

Thanks for your extensive review!

On 30.07.2011, at 17:01, Stefan Götz wrote:
> Review: Needs Fixing
> Hi Rene!
>
>> 4) There are no unit-tests for the hipd-related functionality as of now.
>> However, we have tested the code extensively in three demos and I will add the
>> tests at a later point in time.
>
> Sorry, but I'm skeptical :-) As per our current policy, I cannot approve this without unit tests.

Well, you are right. I'll add them now.

>> === modified file 'firewall/midauth.h'
>> === modified file 'lib/core/solve.c'
>> === modified file 'lib/core/solve.h'
>
> Please don't forget to update the Copyright dates when you modify files with
> Copyright headers. Scatterbrains like myself may want to try out the pre-commit
> hook in https://code.launchpad.net/~stefan.goetz/hipl/commitguard that
> automatically checks for that.

I just started using your commit guard after finishing this branch. Future commit should be bullet proof.

>> +static int handle_challenge_request_param(UNUSED const uint8_t packet_type,
>> + UNUSED const uint32_t ha_state,
>> + struct hip_packet_context *ctx)
>
> [M] policy: please ensure full const correctness for the 'ctx' function argument

Handle functions currently require the non-constness. This should be fixed in trunk.

>> +int hip_midauth_puzzle_seed(const uint8_t opaque[],
>> + const uint8_t opaque_len,
>> + uint8_t puzzle_value[PUZZLE_LENGTH])
>
> [M] lack of const correctness

I don't know how to make this more const correct. The prototype uses the pointer notation with complete const-correctness instead of arrays though.

René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

On 30.07.2011, at 17:01, Stefan Götz wrote:

> Review: Needs Fixing
> Hi Rene!
>
>> 4) There are no unit-tests for the hipd-related functionality as of now.
>> However, we have tested the code extensively in three demos and I will add the
>> tests at a later point in time.
>
> Sorry, but I'm skeptical :-) As per our current policy, I cannot approve this without unit tests.

I have added unit tests for all but the function below:

static int add_host_id_param_update(UNUSED const uint8_t packet_type,
                                    UNUSED const uint32_t ha_state,
                                    struct hip_packet_context *ctx)

The problem here is that hip_init_host_ids() is needed to set up the host id db for host id lookup within add_host_id_param_update(). However, hip_init_host_ids() requires root access to the file system. I have appended the unit test that I have written already, but is not included in my latest changes due to the restrictions I just explained.

START_TEST(test_midauth_add_host_id_param_update_CORRECT)
{
    const uint8_t opaque[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
                              "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
    struct hip_packet_context ctx = { 0 };

    ctx.input_msg = hip_msg_alloc();
    ctx.output_msg = hip_msg_alloc();

    hip_init_hostid_db();
    hip_init_host_ids();
    hip_get_default_hit(&ctx.input_msg->hitr);

    fail_unless(hip_build_param_challenge_request(ctx.input_msg, 0, 0, opaque,
                                                  MIDAUTH_DEFAULT_NONCE_LENGTH) ==
                0, NULL);
    fail_unless(add_host_id_param_update(0, 0, &ctx) == 0, NULL);
    fail_unless((hip_get_param(ctx.output_msg,
                                         HIP_PARAM_HOST_ID)) != NULL,
                    NULL);
}
END_TEST

Ciao,
René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal
Download full text (4.3 KiB)

Hi Rene!

Thanks for all the not so trivial improvements! Almost happy now :)

> === modified file 'Makefile.am'
> --- Makefile.am 2011-07-11 12:50:33 +0000
> +++ Makefile.am 2011-08-04 17:15:48 +0000
> @@ -215,10 +220,16 @@
> test/lib/tool/checksum.c \
> test/lib/tool/pk.c
>
> +test_check_modules_midauth_SOURCES = test/check_modules_midauth.c \
> + test/modules/midauth/lib/midauth_builder.c \
> + test/modules/midauth/hipd/midauth.c \
> + $(hipd_hipd_sources)
> +
> # Include module Makefile.am's.
> # TODO: Make this inclusion dynamic
> include modules/heartbeat/Makefile.am
> include modules/heartbeat_update/Makefile.am
> +include modules/midauth/Makefile.am
> include modules/update/Makefile.am

[L] I think with Diego's recent change, the contents of the module Makefile.am should be moved into the top-level Makefile.am? Not sure.

> === added file 'modules/midauth/hipd/midauth.c'
> +/**
> + * Initialization function for the midauth module.
> + *
> + * @return zero on success, negative value otherwise
> + */
> +int hip_midauth_init(void)

[L] I don't like the code duplication in this function very much, even if it's just boiler plate code. Here are some optional suggestions for improvement.

> +{
> + int err = 0;

[L] Get rid of this and don't use HIP_IFEL at all because there is no cleanup.

> +
> + HIP_IFEL(lmod_register_parameter_type(HIP_PARAM_CHALLENGE_REQUEST,
> + "HIP_PARAM_CHALLENGE_REQUEST"),
> + -1, "failed to register parameter type\n");
> + HIP_IFEL(lmod_register_parameter_type(HIP_PARAM_CHALLENGE_RESPONSE,
> + "HIP_PARAM_CHALLENGE_RESPONSE"),
> + -1, "failed to register parameter type\n");

[L] Is the second parameter always the string version of the the first? If so, a macro with stringification would avoid that duplication.

> +
> + HIP_IFEL(hip_register_handle_function(HIP_R1,
> + HIP_STATE_I1_SENT,
> + &handle_challenge_request_param,
> + 32500),
> + -1, "Error on registering MIDAUTH handle function.\n");
> + HIP_IFEL(hip_register_handle_function(HIP_R1,
> + HIP_STATE_I2_SENT,
> + &handle_challenge_request_param,
> + 32500),
> + -1, "Error on registering MIDAUTH handle function.\n");
> + HIP_IFEL(hip_register_handle_function(HIP_R1,
> + HIP_STATE_CLOSING,
> + &handle_challenge_request_param,
> + 32500),
> + -1, "Error on registering MIDAUTH handle function.\n");
> + HIP_IFEL(hip_register_handle_function(HIP_R1,
> + HIP_STATE_CLOSED,
> + ...

Read more...

review: Needs Fixing
Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : Posted in a previous version of this proposal

Hi Rene!

> I have added unit tests for all but the function below:

Cool!

> The problem here is that hip_init_host_ids() is needed to set up the host id db for host id lookup within add_host_id_param_update(). However, hip_init_host_ids() requires root access to the file system. I have appended the unit test that I have written already, but is not included in my latest changes due to the restrictions I just explained.

How about adding the check 'if (!getuid()) { [UNIT TEST CODE] } else {
printf("The unit test %s requires root privileges.\n", __FUNCTION__); }' to the
unit test? Would that seem like a reasonable thing to do?

Stefan

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal
Download full text (3.3 KiB)

On 04.08.2011, at 20:41, Stefan Götz wrote:
> Review: Needs Fixing
> Hi Rene!
>
> Thanks for all the not so trivial improvements! Almost happy now :)
>
>> === modified file 'Makefile.am'
>> --- Makefile.am 2011-07-11 12:50:33 +0000
>> +++ Makefile.am 2011-08-04 17:15:48 +0000
>> @@ -215,10 +220,16 @@
>> test/lib/tool/checksum.c \
>> test/lib/tool/pk.c
>>
>> +test_check_modules_midauth_SOURCES = test/check_modules_midauth.c \
>> + test/modules/midauth/lib/midauth_builder.c \
>> + test/modules/midauth/hipd/midauth.c \
>> + $(hipd_hipd_sources)
>> +
>> # Include module Makefile.am's.
>> # TODO: Make this inclusion dynamic
>> include modules/heartbeat/Makefile.am
>> include modules/heartbeat_update/Makefile.am
>> +include modules/midauth/Makefile.am
>> include modules/update/Makefile.am
>
> [L] I think with Diego's recent change, the contents of the module Makefile.am should be moved into the top-level Makefile.am? Not sure.

Diego's changes have not yet been merged to trunk. Hence, I would prefer to modify the Makefile with his merge.

>> +
>> + HIP_IFEL(lmod_register_parameter_type(HIP_PARAM_CHALLENGE_REQUEST,
>> + "HIP_PARAM_CHALLENGE_REQUEST"),
>> + -1, "failed to register parameter type\n");
>> + HIP_IFEL(lmod_register_parameter_type(HIP_PARAM_CHALLENGE_RESPONSE,
>> + "HIP_PARAM_CHALLENGE_RESPONSE"),
>> + -1, "failed to register parameter type\n");
>
> [L] Is the second parameter always the string version of the the first? If so, a macro with stringification would avoid that duplication.

They need not be the same, but it makes sense to do so. The string is used for debugging output. Feel free to adjust and improve lmod_register_parameter_type() globally. I don't see that such a change is in the scope of this branch though.

>> + HIP_IFEL(hip_register_handle_function(HIP_R1,
>> + HIP_STATE_CLOSED,
>> + &handle_challenge_request_param,
>> + 32500),
>> + -1, "Error on registering MIDAUTH handle function.\n");
>
> [M] as I just see this: the magic numbers 32500 really must be replaced with something more meaningful!

You are right. The priority is for handle functions is somewhat random at the moment. This should be fixed for all handle functions in a separate branch.

> [L] How about:
>
> int states[4] = { HIP_STATE_I1_SENT, [...] };
> for (unsigned i = 0; i < ARRAY_SIZE(states); i++) {
> if (hip_register_handle_function(HIP_R1,
> states[i],
> &handle_challenge_request_param,
> 32500)) {
> HIP_ERROR("Error on registering MIDAUTH handle function.\n");
> return -1;
> }
> }
>
> and similar for all the registrations below?

Good idea. I changed the code accordingly.

--
Dipl.-Inform...

Read more...

Revision history for this message
René Hummen (rene-hummen) wrote :

On 08.08.2011, at 15:05, René Hummen wrote:
> René Hummen has proposed merging lp:~rene-hummen/hipl/midauth-hipd into lp:hipl.
>
> Requested reviews:
> Christof Mroz (christof-mroz)
> Diego Biurrun (diego-biurrun)
> Stefan Götz (stefan.goetz)
>
> For more details, see:
> https://code.launchpad.net/~rene-hummen/hipl/midauth-hipd/+merge/70736
>
> I have added unit tests and applied the feedback of the previous merge proposal. I will merge the code tomorrow afternoon if I do not receive further feedback. Please indicate your approval of the code by then.

> +<<<<<<< TREE
> +=======
> +test_check_modules_midauth_SOURCES = test/check_modules_midauth.c \
> + test/modules/midauth/lib/midauth_builder.c \
> + test/modules/midauth/hipd/midauth.c \
> + $(hipd_hipd_sources)
> +
> +# Include module Makefile.am's.
> +# TODO: Make this inclusion dynamic
> +include modules/heartbeat/Makefile.am
> +include modules/heartbeat_update/Makefile.am
> +include modules/midauth/Makefile.am
> +include modules/update/Makefile.am
> +
> +>>>>>>> MERGE-SOURCE

I'll resolve this conflict during the merge by only using the main makefile.

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

 review needs-fixing

On Mon, Aug 08, 2011 at 01:05:16PM +0000, René Hummen wrote:
> René Hummen has proposed merging lp:~rene-hummen/hipl/midauth-hipd into lp:hipl.
>
> --- Makefile.am 2011-08-05 11:00:52 +0000
> +++ Makefile.am 2011-08-08 13:01:27 +0000
> @@ -91,7 +93,7 @@
>
> -hipd_hipd_SOURCES = hipd/accessor.c \
> +hipd_hipd_sources = hipd/accessor.c \

Hmmmm...

> @@ -128,9 +130,12 @@
>
> if HIP_MIDAUTH
> -hipd_hipd_SOURCES += hipd/pisa.c
> +hipd_hipd_sources += hipd/pisa.c
> endif
>
> +hipd_hipd_SOURCES = $(hipd_hipd_sources) \
> + hipd/main.c

Umm, this looks like a giant hack. Why is the main function moved around
like this?

> @@ -220,6 +225,21 @@
>
> +<<<<<<< TREE
> +=======
> +test_check_modules_midauth_SOURCES = test/check_modules_midauth.c \
> + test/modules/midauth/lib/midauth_builder.c \
> + test/modules/midauth/hipd/midauth.c \
> + $(hipd_hipd_sources)
> +
> +# Include module Makefile.am's.
> +# TODO: Make this inclusion dynamic
> +include modules/heartbeat/Makefile.am
> +include modules/heartbeat_update/Makefile.am
> +include modules/midauth/Makefile.am
> +include modules/update/Makefile.am
> +
> +>>>>>>> MERGE-SOURCE

Umm, no. Sorry to be blunt here, but this is not acceptable. We need
to find a way to block merge requests with conflicts. Yes, it's a bug
in Bazaar to accept them in the first place, but if our tools are not
smart enough we will need to find a protocol to work around this.

Submitting merge requests with conflicts is a needless waste of reviewer
time. Now that I'm no longer a paid member of the project I'll exercise
my privilege of free time allocation and refuse to review such merge
requests outright. :)

Any branch that gets submitted for merging and not just as an RFC needs
to pass all mechanical checks that we have. That means compiling and
passing the test suite, ideally plus a few manual tests. There is no
point in using humans to check a branch before feeding it to the compiler.
Plus, reviewer time is the scarce resource that we need to preserve.

I also think we need to rethink this whole "modularization" thing that
is adding complication in return for no practical benefit before we
entrench it further via more "modules".

Diego

review: Needs Fixing
lp:~rene-hummen/hipl/midauth-hipd updated
6043. By Diego Biurrun

cosmetics: fix 'null' vs. 'NULL' typo

6044. By Diego Biurrun

builder: clean up return handling

Return values directly instead of setting a variable, jumping
to a goto label and returning the variable there.

6045. By Diego Biurrun

nlink: drop some pointless void* casts

Revision history for this message
Christof Mroz (christof-mroz) wrote :

Looks good, aside from what Diego mentioned already (I'll approve as soon as the conflict is resolved). One minor point:

+/**
+ * Convert the opaque value in the CHALLENGE_REQUEST to the seed value I of a
+ * HIP puzzle.
+ *
+ * The opaque value plays a dual role in a CHALLENGE_REQUEST:
+ * i) it is a challenge that needs to be echoed back by the responder and
+ * ii) it is used to derive the seed value for a cryptographic puzzle. The
+ * puzzle is defined in RFC5201.
+ *
+ * @param opaque the nonce (challenge) in the CHALLENGE_REQUEST
+ * @param opaque_len the length of the nonce
+ * @param puzzle_value the puzzle value generated from the nonce
+ * @return zero on success, -1 in case of an error
+ */
+int hip_midauth_puzzle_seed(const uint8_t opaque[],
+ const unsigned int opaque_len,
+ uint8_t puzzle_value[PUZZLE_LENGTH])
+{
+ unsigned char sha_digest[SHA_DIGEST_LENGTH];
+

+ if (!puzzle_value) {
+ HIP_ERROR("Parameter puzzle_value is not allocated\n");
+ return -1;
+ }

This looks like it should never happen, i.e. an assertion would be more appropriate. Same for the opaque parameter.

lp:~rene-hummen/hipl/midauth-hipd updated
6094. By René Hummen

replace if statement by HIP_ASSERT

Modify unit test accordingly.

6095. By René Hummen

move instruction from module Makefile to central one

Revision history for this message
René Hummen (rene-hummen) wrote :

On 08.08.2011, at 17:01, Christof Mroz wrote:
> Looks good, aside from what Diego mentioned already (I'll approve as soon as the conflict is resolved). One minor point:
>
> +/**
> + * Convert the opaque value in the CHALLENGE_REQUEST to the seed value I of a
> + * HIP puzzle.
> + *
> + * The opaque value plays a dual role in a CHALLENGE_REQUEST:
> + * i) it is a challenge that needs to be echoed back by the responder and
> + * ii) it is used to derive the seed value for a cryptographic puzzle. The
> + * puzzle is defined in RFC5201.
> + *
> + * @param opaque the nonce (challenge) in the CHALLENGE_REQUEST
> + * @param opaque_len the length of the nonce
> + * @param puzzle_value the puzzle value generated from the nonce
> + * @return zero on success, -1 in case of an error
> + */
> +int hip_midauth_puzzle_seed(const uint8_t opaque[],
> + const unsigned int opaque_len,
> + uint8_t puzzle_value[PUZZLE_LENGTH])
> +{
> + unsigned char sha_digest[SHA_DIGEST_LENGTH];
> +
>
> + if (!puzzle_value) {
> + HIP_ERROR("Parameter puzzle_value is not allocated\n");
> + return -1;
> + }
>
> This looks like it should never happen, i.e. an assertion would be more appropriate. Same for the opaque parameter.

You are right. I implemented it as an if statement because in contrast to asserts HIP_ASSERTs are always executed. I changed this to HIP_ASSERT nevertheless in order to make a transition to assert() less painful in the future.

Ciao,
René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
René Hummen (rene-hummen) wrote :

I resolved the remaining issues. No further feedback has been given, so I will merge the code as announced yesterday.

Revision history for this message
René Hummen (rene-hummen) wrote :
Download full text (3.7 KiB)

On 08.08.2011, at 16:31, Diego Biurrun wrote:
> Review: Needs Fixing
> review needs-fixing
>
> On Mon, Aug 08, 2011 at 01:05:16PM +0000, René Hummen wrote:
>> René Hummen has proposed merging lp:~rene-hummen/hipl/midauth-hipd into lp:hipl.
>>
>> --- Makefile.am 2011-08-05 11:00:52 +0000
>> +++ Makefile.am 2011-08-08 13:01:27 +0000
>> @@ -91,7 +93,7 @@
>>
>> -hipd_hipd_SOURCES = hipd/accessor.c \
>> +hipd_hipd_sources = hipd/accessor.c \
>
> Hmmmm...
>
>> @@ -128,9 +130,12 @@
>>
>> if HIP_MIDAUTH
>> -hipd_hipd_SOURCES += hipd/pisa.c
>> +hipd_hipd_sources += hipd/pisa.c
>> endif
>>
>> +hipd_hipd_SOURCES = $(hipd_hipd_sources) \
>> + hipd/main.c
>
> Umm, this looks like a giant hack. Why is the main function moved around
> like this?

It was necessary to exclude the main function of the hipd for enabling unit tests (they ship their own main). One option was to move the main of the hipd to a different file and another one to exclude it by means of #ifdef. I chose to first option to be consistent with the unit tests in the firewall. hipd_hipd_sources are now used by hipd and the unit tests, so I don't see the point in keeping the list twice instead of maintaining it in a separate variable (same as for the firewall again).

>> @@ -220,6 +225,21 @@
>>
>> +<<<<<<< TREE
>> +=======
>> +test_check_modules_midauth_SOURCES = test/check_modules_midauth.c \
>> + test/modules/midauth/lib/midauth_builder.c \
>> + test/modules/midauth/hipd/midauth.c \
>> + $(hipd_hipd_sources)
>> +
>> +# Include module Makefile.am's.
>> +# TODO: Make this inclusion dynamic
>> +include modules/heartbeat/Makefile.am
>> +include modules/heartbeat_update/Makefile.am
>> +include modules/midauth/Makefile.am
>> +include modules/update/Makefile.am
>> +
>> +>>>>>>> MERGE-SOURCE
>
> Umm, no. Sorry to be blunt here, but this is not acceptable. We need
> to find a way to block merge requests with conflicts. Yes, it's a bug
> in Bazaar to accept them in the first place, but if our tools are not
> smart enough we will need to find a protocol to work around this.
>
> Submitting merge requests with conflicts is a needless waste of reviewer
> time. Now that I'm no longer a paid member of the project I'll exercise
> my privilege of free time allocation and refuse to review such merge
> requests outright. :)
>
> Any branch that gets submitted for merging and not just as an RFC needs
> to pass all mechanical checks that we have. That means compiling and
> passing the test suite, ideally plus a few manual tests. There is no
> point in using humans to check a branch before feeding it to the compiler.
> Plus, reviewer time is the scarce resource that we need to preserve.

I forgot your merge between my rebase and my merge proposal. That's why I didn't apply step (3) of the workflow below. I would have resubmitted my proposal after realizing this if the conflicts have been more serious. Of course you can refuse to review the merge request because of this.

IMO, we should have a merge proposal workflow t...

Read more...

Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

On Wed, Aug 10, 2011 at 08:26:01AM +0000, René Hummen wrote:
>
> IMO, we should have a merge proposal workflow that states:
> 1.) Prepare your branch to an extend that you would except it yourself.
> 2.) Ensure that policies are followed (no compile warnings, correct
> coding style, const correctness, and unit tests).
> 3.) Locally merge to trunk in order to check for merge conflicts.
> 4.) If (1) - (3) have successfully been applied, propose your branch for merge.

The order is wrong, trunk should be merged or rebased *before* running
tests and preparing the branch. Nobody cares if the branch works, the
important thing is trunk.

> Did I forget anything important?

Yes:

5) Do not push your branch before addressing review comments.

Diego

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file '.bzrignore'
--- .bzrignore 2011-07-21 17:27:23 +0000
+++ .bzrignore 2011-08-09 11:19:24 +0000
@@ -56,6 +56,7 @@
56test/check_firewall56test/check_firewall
57test/check_lib_core57test/check_lib_core
58test/check_lib_tool58test/check_lib_tool
59test/check_modules_midauth
59test/dh_performance60test/dh_performance
60test/fw_port_bindings_performance61test/fw_port_bindings_performance
61test/hc_performance62test/hc_performance
6263
=== modified file 'Makefile.am'
--- Makefile.am 2011-08-05 11:00:52 +0000
+++ Makefile.am 2011-08-09 11:19:24 +0000
@@ -70,10 +70,12 @@
70if HIP_UNITTESTS70if HIP_UNITTESTS
71TESTS = test/check_firewall \71TESTS = test/check_firewall \
72 test/check_lib_core \72 test/check_lib_core \
73 test/check_lib_tool73 test/check_lib_tool \
74 test/check_modules_midauth
74check_PROGRAMS = test/check_firewall \75check_PROGRAMS = test/check_firewall \
75 test/check_lib_core \76 test/check_lib_core \
76 test/check_lib_tool77 test/check_lib_tool \
78 test/check_modules_midauth
77endif79endif
7880
7981
@@ -91,7 +93,7 @@
91tools_hipconf_SOURCES = tools/hipconf.c93tools_hipconf_SOURCES = tools/hipconf.c
92tools_pisacert_SOURCES = tools/pisacert.c94tools_pisacert_SOURCES = tools/pisacert.c
9395
94hipd_hipd_SOURCES = hipd/accessor.c \96hipd_hipd_sources = hipd/accessor.c \
95 hipd/cert.c \97 hipd/cert.c \
96 hipd/close.c \98 hipd/close.c \
97 hipd/configfilereader.c \99 hipd/configfilereader.c \
@@ -122,15 +124,20 @@
122 hipd/user_ipsec_sadb_api.c \124 hipd/user_ipsec_sadb_api.c \
123 modules/heartbeat/hipd/heartbeat.c \125 modules/heartbeat/hipd/heartbeat.c \
124 modules/heartbeat_update/hipd/hb_update.c \126 modules/heartbeat_update/hipd/hb_update.c \
127 modules/midauth/lib/midauth_builder.c \
125 modules/update/hipd/update.c \128 modules/update/hipd/update.c \
126 modules/update/hipd/update_builder.c \129 modules/update/hipd/update_builder.c \
127 modules/update/hipd/update_locator.c \130 modules/update/hipd/update_locator.c \
128 modules/update/hipd/update_param_handling.c131 modules/update/hipd/update_param_handling.c
129132
130if HIP_MIDAUTH133if HIP_MIDAUTH
131hipd_hipd_SOURCES += hipd/pisa.c134hipd_hipd_sources += hipd/pisa.c
132endif135endif
133136
137hipd_hipd_SOURCES = $(hipd_hipd_sources) \
138 modules/midauth/hipd/midauth.c \
139 hipd/main.c
140
134firewall_hipfw_sources = firewall/cache.c \141firewall_hipfw_sources = firewall/cache.c \
135 firewall/dlist.c \142 firewall/dlist.c \
136 firewall/esp_prot_api.c \143 firewall/esp_prot_api.c \
@@ -150,7 +157,8 @@
150 firewall/user_ipsec_api.c \157 firewall/user_ipsec_api.c \
151 firewall/user_ipsec_esp.c \158 firewall/user_ipsec_esp.c \
152 firewall/user_ipsec_fw_msg.c \159 firewall/user_ipsec_fw_msg.c \
153 firewall/user_ipsec_sadb.c160 firewall/user_ipsec_sadb.c \
161 modules/midauth/lib/midauth_builder.c
154162
155if HIP_MIDAUTH163if HIP_MIDAUTH
156firewall_hipfw_sources += firewall/midauth.c \164firewall_hipfw_sources += firewall/midauth.c \
@@ -220,6 +228,12 @@
220 test/lib/tool/checksum.c \228 test/lib/tool/checksum.c \
221 test/lib/tool/pk.c229 test/lib/tool/pk.c
222230
231test_check_modules_midauth_SOURCES = test/check_modules_midauth.c \
232 test/modules/midauth/lib/midauth_builder.c \
233 test/modules/midauth/hipd/midauth.c \
234 $(hipd_hipd_sources)
235
236
223### static library dependencies ###237### static library dependencies ###
224238
225firewall_hipfw_LDADD = lib/core/libhipcore.la239firewall_hipfw_LDADD = lib/core/libhipcore.la
@@ -228,6 +242,7 @@
228test_check_firewall_LDADD = lib/core/libhipcore.la242test_check_firewall_LDADD = lib/core/libhipcore.la
229test_check_lib_core_LDADD = lib/core/libhipcore.la243test_check_lib_core_LDADD = lib/core/libhipcore.la
230test_check_lib_tool_LDADD = lib/core/libhipcore.la244test_check_lib_tool_LDADD = lib/core/libhipcore.la
245test_check_modules_midauth_LDADD = lib/core/libhipcore.la
231test_certteststub_LDADD = lib/core/libhipcore.la246test_certteststub_LDADD = lib/core/libhipcore.la
232test_dh_performance_LDADD = lib/core/libhipcore.la247test_dh_performance_LDADD = lib/core/libhipcore.la
233test_fw_port_bindings_performance_LDADD = lib/core/libhipcore.la248test_fw_port_bindings_performance_LDADD = lib/core/libhipcore.la
234249
=== modified file 'firewall/midauth.h'
--- firewall/midauth.h 2011-04-20 09:10:18 +0000
+++ firewall/midauth.h 2011-08-09 11:19:24 +0000
@@ -1,5 +1,5 @@
1/*1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *3 *
4 * Permission is hereby granted, free of charge, to any person4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation5 * obtaining a copy of this software and associated documentation
@@ -36,6 +36,7 @@
36#include <stdint.h>36#include <stdint.h>
3737
38#include "lib/core/protodefs.h"38#include "lib/core/protodefs.h"
39#include "modules/midauth/lib/midauth_builder.h"
39#include "firewall_defines.h"40#include "firewall_defines.h"
4041
41typedef int (*midauth_handler)(struct hip_fw_context *ctx);42typedef int (*midauth_handler)(struct hip_fw_context *ctx);
4243
=== modified file 'hipd/hipd.c'
--- hipd/hipd.c 2011-05-16 11:39:06 +0000
+++ hipd/hipd.c 2011-08-09 11:19:24 +0000
@@ -205,7 +205,7 @@
205 * @param flags pointer to the startup flags container205 * @param flags pointer to the startup flags container
206 * @return nonzero if the caller should exit, 0 otherwise206 * @return nonzero if the caller should exit, 0 otherwise
207 */207 */
208static int hipd_parse_cmdline_opts(int argc, char *argv[], uint64_t *flags)208int hipd_parse_cmdline_opts(int argc, char *argv[], uint64_t *flags)
209{209{
210 int c;210 int c;
211211
@@ -276,7 +276,7 @@
276 * @param flags startup flags276 * @param flags startup flags
277 * @return 0 on success, negative error code otherwise277 * @return 0 on success, negative error code otherwise
278 */278 */
279static int hipd_main(uint64_t flags)279int hipd_main(uint64_t flags)
280{280{
281 int highest_descriptor = 0, err = 0;281 int highest_descriptor = 0, err = 0;
282 struct timeval timeout;282 struct timeval timeout;
@@ -422,48 +422,3 @@
422422
423 return err;423 return err;
424}424}
425
426/**
427 * the main function for hipd
428 *
429 * @param argc number of command line arguments
430 * @param argv the command line arguments
431 * @return zero on success or negative on error
432 */
433int main(int argc, char *argv[])
434{
435 uint64_t sflags = HIPD_START_FOREGROUND | HIPD_START_LOWCAP;
436
437 /* The flushing is enabled by default. The reason for this is that
438 * people are doing some very experimental features on some branches
439 * that may crash the daemon and leave the SAs floating around to
440 * disturb further base exchanges. Use -N flag to disable this. */
441 sflags |= HIPD_START_FLUSH_IPSEC;
442
443 /* The default behaviour is to allow hipd to load the required modules
444 * and unload them when exiting.
445 */
446 sflags |= HIPD_START_LOAD_KMOD;
447
448 /* set the initial verbosity level */
449 hip_set_logdebug(LOGDEBUG_MEDIUM);
450
451 /* One should be able to check the hipd version and usage,
452 * even without having root privileges.
453 */
454 if (hipd_parse_cmdline_opts(argc, argv, &sflags)) {
455 return EXIT_SUCCESS;
456 }
457
458 /* We need to recreate the NAT UDP sockets to bind to the new port. */
459 if (getuid()) {
460 HIP_ERROR("hipd must be started as root!\n");
461 return EXIT_FAILURE;
462 }
463
464 if (hipd_main(sflags)) {
465 return EXIT_FAILURE;
466 }
467
468 return EXIT_SUCCESS;
469}
470425
=== modified file 'hipd/hipd.h'
--- hipd/hipd.h 2011-05-16 11:00:04 +0000
+++ hipd/hipd.h 2011-08-09 11:19:24 +0000
@@ -112,4 +112,7 @@
112/* Functions for handling outgoing packets. */112/* Functions for handling outgoing packets. */
113int hip_sendto_firewall(const struct hip_common *msg);113int hip_sendto_firewall(const struct hip_common *msg);
114114
115int hipd_parse_cmdline_opts(int argc, char *argv[], uint64_t * flags);
116int hipd_main(uint64_t flags);
117
115#endif /* HIP_HIPD_HIPD_H */118#endif /* HIP_HIPD_HIPD_H */
116119
=== added file 'hipd/main.c'
--- hipd/main.c 1970-01-01 00:00:00 +0000
+++ hipd/main.c 2011-08-09 11:19:24 +0000
@@ -0,0 +1,84 @@
1/*
2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * The HIPL main file containing the daemon main function.
29 */
30
31#include <stdint.h>
32#include <unistd.h>
33#include <sys/types.h>
34
35
36#include "hipd/hipd.h"
37#include "init.h"
38#include "lib/core/debug.h"
39
40
41/**
42 * the main function for hipd
43 *
44 * @param argc number of command line arguments
45 * @param argv the command line arguments
46 * @return zero on success or negative on error
47 */
48int main(int argc, char *argv[])
49{
50 uint64_t sflags = HIPD_START_FOREGROUND | HIPD_START_LOWCAP;
51
52 /* The flushing is enabled by default. The reason for this is that
53 * people are doing some very experimental features on some branches
54 * that may crash the daemon and leave the SAs floating around to
55 * disturb further base exchanges. Use -N flag to disable this. */
56 sflags |= HIPD_START_FLUSH_IPSEC;
57
58 /* The default behaviour is to allow hipd to load the required modules
59 * and unload them when exiting.
60 */
61 sflags |= HIPD_START_LOAD_KMOD;
62
63 /* set the initial verbosity level */
64 hip_set_logdebug(LOGDEBUG_MEDIUM);
65
66 /* One should be able to check the hipd version and usage,
67 * even without having root privileges.
68 */
69 if (hipd_parse_cmdline_opts(argc, argv, &sflags)) {
70 return EXIT_SUCCESS;
71 }
72
73 /* We need to recreate the NAT UDP sockets to bind to the new port. */
74 if (getuid()) {
75 HIP_ERROR("hipd must be started as root!\n");
76 return EXIT_FAILURE;
77 }
78
79 if (hipd_main(sflags)) {
80 return EXIT_FAILURE;
81 }
82
83 return EXIT_SUCCESS;
84}
085
=== modified file 'hipd/output.c'
--- hipd/output.c 2011-08-08 13:33:21 +0000
+++ hipd/output.c 2011-08-09 11:19:24 +0000
@@ -1050,16 +1050,6 @@
10501050
1051 /********** CHALLENGE_RESPONSE **********/1051 /********** CHALLENGE_RESPONSE **********/
1052#ifdef CONFIG_HIP_MIDAUTH1052#ifdef CONFIG_HIP_MIDAUTH
1053 /** @todo no caching is done for PUZZLE_M parameters. This may be
1054 * a DOS attack vector.
1055 */
1056 HIP_IFEL(hip_solve_puzzle_m(ctx->output_msg, ctx->input_msg),
1057 -1, "Building of Challenge_Response failed\n");
1058 midauth_cert = hip_pisa_get_certificate();
1059
1060 HIP_IFEL(hip_build_param(ctx->output_msg, ctx->hadb_entry->our_pub), -1,
1061 "Building of host id failed\n");
1062
1063 /* For now we just add some random data to see if it works */1053 /* For now we just add some random data to see if it works */
1064 HIP_IFEL(hip_build_param_cert(ctx->output_msg, 1, 1, 1, 1, midauth_cert,1054 HIP_IFEL(hip_build_param_cert(ctx->output_msg, 1, 1, 1, 1, midauth_cert,
1065 strlen(midauth_cert)),1055 strlen(midauth_cert)),
10661056
=== modified file 'lib/core/builder.c'
--- lib/core/builder.c 2011-08-08 14:35:56 +0000
+++ lib/core/builder.c 2011-08-09 11:19:24 +0000
@@ -679,13 +679,6 @@
679 HIP_PARAM_ESP_PROT_BRANCH,679 HIP_PARAM_ESP_PROT_BRANCH,
680 HIP_PARAM_ESP_PROT_SECRET,680 HIP_PARAM_ESP_PROT_SECRET,
681 HIP_PARAM_ESP_PROT_ROOT681 HIP_PARAM_ESP_PROT_ROOT
682#ifdef CONFIG_HIP_MIDAUTH
683 ,
684 HIP_PARAM_ECHO_REQUEST_M,
685 HIP_PARAM_ECHO_RESPONSE_M,
686 HIP_PARAM_CHALLENGE_REQUEST,
687 HIP_PARAM_CHALLENGE_RESPONSE
688#endif /* CONFIG_HIP_MIDAUTH */
689 };682 };
690 hip_tlv type = hip_get_param_type(param);683 hip_tlv type = hip_get_param_type(param);
691684
@@ -1166,10 +1159,8 @@
1166 case HIP_PARAM_DST_ADDR: return "HIP_PARAM_DST_ADDR";1159 case HIP_PARAM_DST_ADDR: return "HIP_PARAM_DST_ADDR";
1167 case HIP_PARAM_ECHO_REQUEST: return "HIP_PARAM_ECHO_REQUEST";1160 case HIP_PARAM_ECHO_REQUEST: return "HIP_PARAM_ECHO_REQUEST";
1168 case HIP_PARAM_ECHO_REQUEST_SIGN: return "HIP_PARAM_ECHO_REQUEST_SIGN";1161 case HIP_PARAM_ECHO_REQUEST_SIGN: return "HIP_PARAM_ECHO_REQUEST_SIGN";
1169 case HIP_PARAM_ECHO_REQUEST_M: return "HIP_PARAM_ECHO_REQUEST_M";
1170 case HIP_PARAM_ECHO_RESPONSE: return "HIP_PARAM_ECHO_RESPONSE";1162 case HIP_PARAM_ECHO_RESPONSE: return "HIP_PARAM_ECHO_RESPONSE";
1171 case HIP_PARAM_ECHO_RESPONSE_SIGN: return "HIP_PARAM_ECHO_RESPONSE_SIGN";1163 case HIP_PARAM_ECHO_RESPONSE_SIGN: return "HIP_PARAM_ECHO_RESPONSE_SIGN";
1172 case HIP_PARAM_ECHO_RESPONSE_M: return "HIP_PARAM_ECHO_RESPONSE_M";
1173 case HIP_PARAM_EID_ADDR: return "HIP_PARAM_EID_ADDR";1164 case HIP_PARAM_EID_ADDR: return "HIP_PARAM_EID_ADDR";
1174 case HIP_PARAM_EID_ENDPOINT: return "HIP_PARAM_EID_ENDPOINT";1165 case HIP_PARAM_EID_ENDPOINT: return "HIP_PARAM_EID_ENDPOINT";
1175 case HIP_PARAM_EID_IFACE: return "HIP_PARAM_EID_IFACE";1166 case HIP_PARAM_EID_IFACE: return "HIP_PARAM_EID_IFACE";
@@ -1200,7 +1191,6 @@
1200 case HIP_PARAM_NOTIFICATION: return "HIP_PARAM_NOTIFICATION";1191 case HIP_PARAM_NOTIFICATION: return "HIP_PARAM_NOTIFICATION";
1201 case HIP_PARAM_PORTPAIR: return "HIP_PARAM_PORTPAIR";1192 case HIP_PARAM_PORTPAIR: return "HIP_PARAM_PORTPAIR";
1202 case HIP_PARAM_PUZZLE: return "HIP_PARAM_PUZZLE";1193 case HIP_PARAM_PUZZLE: return "HIP_PARAM_PUZZLE";
1203 case HIP_PARAM_CHALLENGE_REQUEST: return "HIP_PARAM_CHALLENGE_REQUEST";
1204 case HIP_PARAM_R1_COUNTER: return "HIP_PARAM_R1_COUNTER";1194 case HIP_PARAM_R1_COUNTER: return "HIP_PARAM_R1_COUNTER";
1205 case HIP_PARAM_REG_FAILED: return "HIP_PARAM_REG_FAILED";1195 case HIP_PARAM_REG_FAILED: return "HIP_PARAM_REG_FAILED";
1206 case HIP_PARAM_REG_FROM: return "HIP_PARAM_REG_FROM";1196 case HIP_PARAM_REG_FROM: return "HIP_PARAM_REG_FROM";
@@ -1213,7 +1203,6 @@
1213 case HIP_PARAM_RVS_HMAC: return "HIP_PARAM_RVS_HMAC";1203 case HIP_PARAM_RVS_HMAC: return "HIP_PARAM_RVS_HMAC";
1214 case HIP_PARAM_SEQ: return "HIP_PARAM_SEQ";1204 case HIP_PARAM_SEQ: return "HIP_PARAM_SEQ";
1215 case HIP_PARAM_SOLUTION: return "HIP_PARAM_SOLUTION";1205 case HIP_PARAM_SOLUTION: return "HIP_PARAM_SOLUTION";
1216 case HIP_PARAM_CHALLENGE_RESPONSE: return "HIP_PARAM_CHALLENGE_RESPONSE";
1217 case HIP_PARAM_SRC_ADDR: return "HIP_PARAM_SRC_ADDR";1206 case HIP_PARAM_SRC_ADDR: return "HIP_PARAM_SRC_ADDR";
1218 case HIP_PARAM_TO_PEER: return "HIP_PARAM_TO_PEER";1207 case HIP_PARAM_TO_PEER: return "HIP_PARAM_TO_PEER";
1219 case HIP_PARAM_UINT: return "HIP_PARAM_UINT";1208 case HIP_PARAM_UINT: return "HIP_PARAM_UINT";
@@ -2339,88 +2328,6 @@
2339 hip_get_param_contents_direct(&puzzle));2328 hip_get_param_contents_direct(&puzzle));
2340}2329}
23412330
2342#ifdef CONFIG_HIP_MIDAUTH
2343/**
2344 * Build and append a HIP challenge_request to the message.
2345 *
2346 * The puzzle mechanism assumes that every value is in network byte order
2347 * except for the hip_birthday_cookie.cv union, where the value is in
2348 * host byte order. This is an exception to the normal builder rules, where
2349 * input arguments are normally always in host byte order.
2350 *
2351 * @param msg the message where the puzzle_m is to be appended
2352 * @param val_K the K value for the puzzle_m
2353 * @param lifetime lifetime field of the puzzle_m
2354 * @param opaque the opaque data filed of the puzzle_m
2355 * @param opaque_len the length uf the opaque data field
2356 *
2357 * @return zero for success, or non-zero on error
2358 */
2359int hip_build_param_challenge_request(struct hip_common *msg,
2360 uint8_t val_K,
2361 uint8_t lifetime,
2362 uint8_t *opaque,
2363 uint8_t opaque_len)
2364{
2365 struct hip_challenge_request puzzle;
2366
2367 /* note: the length cannot be calculated with calc_param_len() */
2368 hip_set_param_contents_len((struct hip_tlv_common *) &puzzle,
2369 sizeof(struct hip_challenge_request) -
2370 sizeof(struct hip_tlv_common));
2371 /* Type 2 (in R1) or 3 (in I2) */
2372 hip_set_param_type((struct hip_tlv_common *) &puzzle,
2373 HIP_PARAM_CHALLENGE_REQUEST);
2374
2375 /* only the random_j_k is in host byte order */
2376 puzzle.K = val_K;
2377 puzzle.lifetime = lifetime;
2378 memcpy(&puzzle.opaque, opaque, opaque_len);
2379
2380 return hip_build_generic_param(msg, &puzzle, sizeof(struct hip_tlv_common),
2381 hip_get_param_contents_direct(&puzzle));
2382}
2383
2384/**
2385 * Build and append a HIP solution into the message.
2386 *
2387 * The puzzle mechanism assumes that every value is in network byte order
2388 * except for the hip_birthday_cookie.cv union, where the value is in
2389 * host byte order. This is an exception to the normal builder rules, where
2390 * input arguments are normally always in host byte order.
2391 *
2392 * @param msg the message where the solution is to be appended
2393 * @param pz values from the corresponding hip_challenge_request copied to the solution
2394 * @param solution value for the solution (in host byte order)
2395 *
2396 * @return zero for success, or non-zero on error
2397 */
2398int hip_build_param_challenge_response(struct hip_common *const msg,
2399 const struct hip_challenge_request *const pz,
2400 const uint8_t solution[PUZZLE_LENGTH])
2401{
2402 struct hip_challenge_response cookie;
2403 int opaque_len = 0;
2404
2405 /* note: the length cannot be calculated with calc_param_len() */
2406 hip_set_param_contents_len((struct hip_tlv_common *) &cookie,
2407 sizeof(struct hip_challenge_response) -
2408 sizeof(struct hip_tlv_common));
2409 /* Type 2 (in R1) or 3 (in I2) */
2410 hip_set_param_type((struct hip_tlv_common *) &cookie, HIP_PARAM_CHALLENGE_RESPONSE);
2411
2412 memcpy(cookie.J, solution, PUZZLE_LENGTH);
2413 cookie.K = pz->K;
2414 cookie.lifetime = pz->K;
2415 opaque_len = sizeof(pz->opaque) / sizeof(pz->opaque[0]);
2416 memcpy(&cookie.opaque, pz->opaque, opaque_len);
2417
2418 return hip_build_generic_param(msg, &cookie, sizeof(struct hip_tlv_common),
2419 hip_get_param_contents_direct(&cookie));
2420}
2421
2422#endif /* CONFIG_HIP_MIDAUTH */
2423
2424/**2331/**
2425 * Build and append a HIP solution into the message.2332 * Build and append a HIP solution into the message.
2426 *2333 *
@@ -3850,6 +3757,14 @@
3850 SHA_CTX sha;3757 SHA_CTX sha;
3851 MD5_CTX md5;3758 MD5_CTX md5;
38523759
3760 HIP_ASSERT(in != NULL);
3761 HIP_ASSERT(out != NULL);
3762
3763 if (in_len <= 0) {
3764 HIP_ERROR("invalid input length: %i\n", in_len);
3765 return -1;
3766 }
3767
3853 switch (type) {3768 switch (type) {
3854 case HIP_DIGEST_SHA1:3769 case HIP_DIGEST_SHA1:
3855 SHA1_Init(&sha);3770 SHA1_Init(&sha);
38563771
=== modified file 'lib/core/builder.h'
--- lib/core/builder.h 2011-07-18 13:10:26 +0000
+++ lib/core/builder.h 2011-08-09 11:19:24 +0000
@@ -133,12 +133,6 @@
133 const uint32_t opaque,133 const uint32_t opaque,
134 const uint8_t *const random_i);134 const uint8_t *const random_i);
135135
136int hip_build_param_challenge_request(struct hip_common *,
137 uint8_t,
138 uint8_t,
139 uint8_t *,
140 uint8_t);
141
142int hip_build_param_r1_counter(struct hip_common *, uint64_t);136int hip_build_param_r1_counter(struct hip_common *, uint64_t);
143137
144int hip_build_param_signature2_contents(struct hip_common *,138int hip_build_param_signature2_contents(struct hip_common *,
@@ -153,10 +147,6 @@
153 const struct hip_puzzle *,147 const struct hip_puzzle *,
154 uint8_t *const);148 uint8_t *const);
155149
156int hip_build_param_challenge_response(struct hip_common *const msg,
157 const struct hip_challenge_request *const pz,
158 const uint8_t *const solution);
159
160int hip_build_param(struct hip_common *, const void *);150int hip_build_param(struct hip_common *, const void *);
161void hip_set_msg_response(struct hip_common *msg, uint8_t on);151void hip_set_msg_response(struct hip_common *msg, uint8_t on);
162uint8_t hip_get_msg_response(struct hip_common *msg);152uint8_t hip_get_msg_response(struct hip_common *msg);
163153
=== modified file 'lib/core/protodefs.h'
--- lib/core/protodefs.h 2011-07-28 18:11:17 +0000
+++ lib/core/protodefs.h 2011-08-09 11:19:24 +0000
@@ -140,7 +140,6 @@
140#define HIP_PARAM_LOCATOR 193140#define HIP_PARAM_LOCATOR 193
141#define HIP_PARAM_PUZZLE 257141#define HIP_PARAM_PUZZLE 257
142#define HIP_PARAM_SOLUTION 321142#define HIP_PARAM_SOLUTION 321
143#define HIP_PARAM_CHALLENGE_RESPONSE 322
144#define HIP_PARAM_SEQ 385143#define HIP_PARAM_SEQ 385
145#define HIP_PARAM_ACK 449144#define HIP_PARAM_ACK 449
146#define HIP_PARAM_DIFFIE_HELLMAN 513145#define HIP_PARAM_DIFFIE_HELLMAN 513
@@ -156,7 +155,6 @@
156#define HIP_PARAM_REG_FAILED 936155#define HIP_PARAM_REG_FAILED 936
157#define HIP_PARAM_REG_FROM 950156#define HIP_PARAM_REG_FROM 950
158#define HIP_PARAM_ECHO_RESPONSE_SIGN 961157#define HIP_PARAM_ECHO_RESPONSE_SIGN 961
159#define HIP_PARAM_ECHO_RESPONSE_M 962
160#define HIP_PARAM_ESP_TRANSFORM 4095158#define HIP_PARAM_ESP_TRANSFORM 4095
161#define HIP_PARAM_ESP_PROT_TRANSFORMS 4120159#define HIP_PARAM_ESP_PROT_TRANSFORMS 4120
162#define HIP_PARAM_ESP_PROT_ANCHOR 4121160#define HIP_PARAM_ESP_PROT_ANCHOR 4121
@@ -230,8 +228,6 @@
230//#define HIP_PARAM_REG_FROM 64010228//#define HIP_PARAM_REG_FROM 64010
231#define HIP_PARAM_TO_PEER 64006229#define HIP_PARAM_TO_PEER 64006
232#define HIP_PARAM_FROM_PEER 64008230#define HIP_PARAM_FROM_PEER 64008
233#define HIP_PARAM_ECHO_REQUEST_M 65332
234#define HIP_PARAM_CHALLENGE_REQUEST 65334
235#define HIP_PARAM_FROM 65498231#define HIP_PARAM_FROM 65498
236#define HIP_PARAM_RVS_HMAC 65500232#define HIP_PARAM_RVS_HMAC 65500
237#define HIP_PARAM_VIA_RVS 65502233#define HIP_PARAM_VIA_RVS 65502
@@ -783,25 +779,6 @@
783 uint8_t J[PUZZLE_LENGTH];779 uint8_t J[PUZZLE_LENGTH];
784} __attribute__((packed));780} __attribute__((packed));
785781
786
787
788struct hip_challenge_request {
789 hip_tlv type;
790 hip_tlv_len length;
791 uint8_t K;
792 uint8_t lifetime;
793 uint8_t opaque[24]; /**< variable length */
794} __attribute__((packed));
795
796struct hip_challenge_response {
797 hip_tlv type;
798 hip_tlv_len length;
799 uint8_t K;
800 uint8_t lifetime;
801 uint8_t J[PUZZLE_LENGTH];
802 uint8_t opaque[24]; /**< variable length */
803} __attribute__((packed));
804
805struct hip_dh_public_value {782struct hip_dh_public_value {
806 uint8_t group_id;783 uint8_t group_id;
807 uint16_t pub_len;784 uint16_t pub_len;
808785
=== modified file 'lib/core/solve.c'
--- lib/core/solve.c 2011-04-20 09:38:33 +0000
+++ lib/core/solve.c 2011-08-09 11:19:24 +0000
@@ -1,5 +1,5 @@
1/*1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *3 *
4 * Permission is hereby granted, free of charge, to any person4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation5 * obtaining a copy of this software and associated documentation
@@ -174,59 +174,3 @@
174174
175 return 0;175 return 0;
176}176}
177
178#ifdef CONFIG_HIP_MIDAUTH
179/**
180 * solve a midauth puzzle which is essentially a normal HIP cookie
181 * with some extra whipped cream on the top
182 *
183 * @param out the received R1 message
184 * @param in an I2 message where the solution will be written
185 * @return zero on success and negative on error
186 * @see <a
187 * href="http://tools.ietf.org/id/draft-heer-hip-middle-auth">Heer et
188 * al, End-Host Authentication for HIP Middleboxes, Internet draft,
189 * work in progress, February 2009</a>
190 */
191int hip_solve_puzzle_m(struct hip_common *const out,
192 const struct hip_common *const in)
193{
194 struct puzzle_hash_input puzzle_input;
195 const struct hip_challenge_request *pz;
196 uint8_t digest[HIP_AH_SHA_LEN];
197
198 pz = hip_get_param(in, HIP_PARAM_CHALLENGE_REQUEST);
199 while (pz) {
200 if (hip_get_param_type(pz) != HIP_PARAM_CHALLENGE_REQUEST) {
201 break;
202 }
203
204 if (hip_build_digest(HIP_DIGEST_SHA1, pz->opaque, 24, digest) < 0) {
205 HIP_ERROR("Building of SHA1 Random seed I failed\n");
206 return -1;
207 }
208
209 memcpy(puzzle_input.puzzle,
210 &digest[HIP_AH_SHA_LEN - PUZZLE_LENGTH],
211 PUZZLE_LENGTH);
212 puzzle_input.initiator_hit = out->hits;
213 puzzle_input.responder_hit = out->hitr;
214 RAND_bytes(puzzle_input.solution, PUZZLE_LENGTH);
215
216 if ((hip_solve_puzzle(&puzzle_input, pz->K))) {
217 HIP_ERROR("Solving of puzzle failed\n");
218 return -EINVAL;
219 }
220
221 if (hip_build_param_challenge_response(out, pz, puzzle_input.solution) < 0) {
222 HIP_ERROR("Error while creating solution_m reply parameter\n");
223 return -1;
224 }
225 pz = (const struct hip_challenge_request *)
226 hip_get_next_param(in, (const struct hip_tlv_common *) pz);
227 }
228
229 return 0;
230}
231
232#endif /* CONFIG_HIP_MIDAUTH */
233177
=== modified file 'lib/core/solve.h'
--- lib/core/solve.h 2011-07-28 18:11:17 +0000
+++ lib/core/solve.h 2011-08-09 11:19:24 +0000
@@ -1,5 +1,5 @@
1/*1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *3 *
4 * Permission is hereby granted, free of charge, to any person4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation5 * obtaining a copy of this software and associated documentation
@@ -55,7 +55,4 @@
55int hip_verify_puzzle_solution(const struct puzzle_hash_input *const puzzle_input,55int hip_verify_puzzle_solution(const struct puzzle_hash_input *const puzzle_input,
56 const uint8_t difficulty);56 const uint8_t difficulty);
5757
58int hip_solve_puzzle_m(struct hip_common *const out,
59 const struct hip_common *const in);
60
61#endif /* HIP_LIB_CORE_SOLVE_H */58#endif /* HIP_LIB_CORE_SOLVE_H */
6259
=== added directory 'modules/midauth'
=== added directory 'modules/midauth/hipd'
=== added file 'modules/midauth/hipd/midauth.c'
--- modules/midauth/hipd/midauth.c 1970-01-01 00:00:00 +0000
+++ modules/midauth/hipd/midauth.c 2011-08-09 11:19:24 +0000
@@ -0,0 +1,229 @@
1/*
2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * This file contains the implementation for the middlebox authentication
29 * extension.
30 *
31 * @author Rene Hummen
32 */
33
34#include <errno.h>
35#include <stdint.h>
36#include <string.h>
37
38#include "hipd/hidb.h"
39#include "hipd/pkt_handling.h"
40#include "lib/core/builder.h"
41#include "lib/core/common.h"
42#include "lib/core/ife.h"
43#include "lib/core/modularization.h"
44#include "lib/core/protodefs.h"
45#include "lib/core/solve.h"
46#include "modules/midauth/lib/midauth_builder.h"
47#include "modules/update/hipd/update.h"
48#include "midauth.h"
49
50
51/**
52 * Handle the CHALLENGE_REQUEST parameter.
53 *
54 * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
55 * @param ha_state The host association state (RFC 5201, 4.4.1.)
56 * @param ctx Pointer to the packet context, containing all information for
57 * the packet handling (received message, source and destination
58 * address, the ports and the corresponding entry from the host
59 * association database).
60 *
61 * @return zero if the challenge was processed correctly or no challenge
62 * parameter was attached to the packet, negative value otherwise.
63 */
64static int handle_challenge_request_param(UNUSED const uint8_t packet_type,
65 UNUSED const uint32_t ha_state,
66 struct hip_packet_context *ctx)
67{
68 const struct hip_challenge_request *request = NULL;
69
70 request = hip_get_param(ctx->input_msg, HIP_PARAM_CHALLENGE_REQUEST);
71
72 // each on-path middlebox may add a challenge on its own
73 while (request &&
74 hip_get_param_type(request) == HIP_PARAM_CHALLENGE_REQUEST) {
75 struct puzzle_hash_input tmp_puzzle;
76 const unsigned int len = hip_challenge_request_opaque_len(request);
77
78 if (hip_midauth_puzzle_seed(request->opaque, len, tmp_puzzle.puzzle)) {
79 HIP_ERROR("failed to derive midauth puzzle\n");
80 return -1;
81 }
82
83 tmp_puzzle.initiator_hit = ctx->input_msg->hitr;
84 tmp_puzzle.responder_hit = ctx->input_msg->hits;
85
86 if (hip_solve_puzzle(&tmp_puzzle, request->K)) {
87 HIP_ERROR("Solving of middlebox challenge failed\n");
88 return -EINVAL;
89 }
90
91 if (hip_build_param_challenge_response(ctx->output_msg,
92 request,
93 tmp_puzzle.solution) < 0) {
94 HIP_ERROR("Error while creating CHALLENGE_RESPONSE parameter\n");
95 return -1;
96 }
97
98 // process next challenge parameter, if available
99 request = (const struct hip_challenge_request *)
100 hip_get_next_param(ctx->input_msg, &request->tlv);
101 }
102
103 return 0;
104}
105
106/**
107 * Add a HOST_ID parameter corresponding to the local HIT of the association to
108 * an UPDATE packet.
109 *
110 * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
111 * @param ha_state The host association state (RFC 5201, 4.4.1.)
112 * @param ctx Pointer to the packet context, containing all information for
113 * the packet handling (received message, source and destination
114 * address, the ports and the corresponding entry from the host
115 * association database).
116 *
117 * @return zero on success, negative value otherwise
118 */
119static int add_host_id_param_update(UNUSED const uint8_t packet_type,
120 UNUSED const uint32_t ha_state,
121 struct hip_packet_context *ctx)
122{
123 const struct hip_challenge_request *const challenge_request =
124 hip_get_param(ctx->input_msg, HIP_PARAM_CHALLENGE_REQUEST);
125
126 // add HOST_ID to packets containing a CHALLENGE_RESPONSE
127 if (challenge_request) {
128 const struct local_host_id *const host_id_entry =
129 hip_get_hostid_entry_by_lhi_and_algo(HIP_DB_LOCAL_HID,
130 &ctx->input_msg->hitr,
131 HIP_ANY_ALGO,
132 -1);
133 if (!host_id_entry) {
134 HIP_ERROR("Unknown HIT\n");
135 return -1;
136 }
137
138 if (hip_build_param_host_id(ctx->output_msg, &host_id_entry->host_id)) {
139 HIP_ERROR("Building of host id failed\n");
140 return -1;
141 }
142 }
143
144 return 0;
145}
146
147/**
148 * Initialization function for the midauth module.
149 *
150 * @return zero on success, negative value otherwise
151 */
152int hip_midauth_init(void)
153{
154 if (lmod_register_parameter_type(HIP_PARAM_CHALLENGE_REQUEST,
155 "HIP_PARAM_CHALLENGE_REQUEST")) {
156 HIP_ERROR("failed to register parameter type\n");
157 return -1;
158 }
159
160 if (lmod_register_parameter_type(HIP_PARAM_CHALLENGE_RESPONSE,
161 "HIP_PARAM_CHALLENGE_RESPONSE")) {
162 HIP_ERROR("failed to register parameter type\n");
163 return -1;
164 }
165
166 const int challenge_request_R1_states[] = { HIP_STATE_I1_SENT,
167 HIP_STATE_I2_SENT,
168 HIP_STATE_CLOSING,
169 HIP_STATE_CLOSED };
170 for (unsigned i = 0; i < ARRAY_SIZE(challenge_request_R1_states); i++) {
171 if (hip_register_handle_function(HIP_R1,
172 challenge_request_R1_states[i],
173 &handle_challenge_request_param,
174 32500)) {
175 HIP_ERROR("Error on registering MIDAUTH handle function.\n");
176 return -1;
177 }
178 }
179
180 //
181 // we hook on every occasion that causes an R2 to get sent.
182 // R2 packet is first allocated at 40000, so we use a higher
183 // base priority here.
184 //
185 const int challenge_request_I2_states[] = { HIP_STATE_UNASSOCIATED,
186 HIP_STATE_I1_SENT,
187 HIP_STATE_I2_SENT,
188 HIP_STATE_R2_SENT,
189 HIP_STATE_ESTABLISHED,
190 HIP_STATE_CLOSING,
191 HIP_STATE_CLOSED,
192 HIP_STATE_NONE };
193 for (unsigned i = 0; i < ARRAY_SIZE(challenge_request_I2_states); i++) {
194 if (hip_register_handle_function(HIP_I2,
195 challenge_request_I2_states[i],
196 &handle_challenge_request_param,
197 40322)) {
198 HIP_ERROR("Error on registering MIDAUTH handle function.\n");
199 return -1;
200 }
201 }
202
203 //
204 // Priority computed the same as above, but UPDATE response is sent at
205 // priority 30000 already (checking is 20000) and we must add our
206 // CHALLENGE_REQUEST verification in between, hence a lower base priority.
207 //
208 const int challenge_request_UPDATE_states[] = { HIP_STATE_R2_SENT,
209 HIP_STATE_ESTABLISHED };
210 for (unsigned i = 0; i < ARRAY_SIZE(challenge_request_UPDATE_states); i++) {
211 if (hip_register_handle_function(HIP_UPDATE,
212 challenge_request_UPDATE_states[i],
213 &handle_challenge_request_param,
214 20322)) {
215 HIP_ERROR("Error on registering MIDAUTH handle function.\n");
216 return -1;
217 }
218
219 if (hip_register_handle_function(HIP_UPDATE,
220 challenge_request_UPDATE_states[i],
221 &add_host_id_param_update,
222 20750)) {
223 HIP_ERROR("Error on registering MIDAUTH handle function.\n");
224 return -1;
225 }
226 }
227
228 return 0;
229}
0230
=== added file 'modules/midauth/hipd/midauth.h'
--- modules/midauth/hipd/midauth.h 1970-01-01 00:00:00 +0000
+++ modules/midauth/hipd/midauth.h 2011-08-09 11:19:24 +0000
@@ -0,0 +1,34 @@
1/*
2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26#ifndef MODULES_MIDAUTH_HIPD_MIDAUTH_H
27#define MODULES_MIDAUTH_HIPD_MIDAUTH_H
28
29#define HIP_PARAM_CHALLENGE_REQUEST 65334
30#define HIP_PARAM_CHALLENGE_RESPONSE 322
31
32int hip_midauth_init(void);
33
34#endif /* MODULES_MIDAUTH_HIPD_MIDAUTH_H */
035
=== added directory 'modules/midauth/lib'
=== added file 'modules/midauth/lib/midauth_builder.c'
--- modules/midauth/lib/midauth_builder.c 1970-01-01 00:00:00 +0000
+++ modules/midauth/lib/midauth_builder.c 2011-08-09 11:19:24 +0000
@@ -0,0 +1,181 @@
1/*
2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * This file contains parameter handling functionality for the middlebox
29 * authentication extension.
30 *
31 * @author Rene Hummen
32 * @author Christof Mroz <christof.mroz@rwth-aachen.de>
33 */
34
35#include <stdint.h>
36#include <string.h>
37
38#include "lib/core/ife.h"
39#include "modules/midauth/hipd/midauth.h"
40#include "midauth_builder.h"
41
42
43/**
44 * Build and append a HIP CHALLENGE_REQUEST to the message.
45 *
46 * @param msg the message where the CHALLENGE_REQUEST is appended
47 * @param difficulty the puzzle difficulty for the CHALLENGE_REQUEST
48 * @param lifetime lifetime the puzzle nonce
49 * @param opaque the nonce (challenge) of the CHALLENGE_REQUEST
50 * @param opaque_len the length of the nonce
51 *
52 * @return zero for success, or negative value on error
53 */
54int hip_build_param_challenge_request(struct hip_common *const msg,
55 const uint8_t difficulty,
56 const uint8_t lifetime,
57 const uint8_t *opaque,
58 const uint8_t opaque_len)
59{
60 struct hip_challenge_request request;
61 static const size_t min_length = sizeof(request) -
62 sizeof(request.tlv) -
63 sizeof(request.opaque);
64
65 HIP_ASSERT(opaque);
66
67 /* note: the length cannot be calculated with calc_param_len() */
68 hip_set_param_contents_len(&request.tlv, min_length + opaque_len);
69 hip_set_param_type(&request.tlv, HIP_PARAM_CHALLENGE_REQUEST);
70
71 /* only the random_j_k is in host byte order */
72 request.K = difficulty;
73 request.lifetime = lifetime;
74 memcpy(&request.opaque, opaque, opaque_len);
75
76 if (hip_build_param(msg, &request) != 0) {
77 HIP_ERROR("failed to build parameter\n");
78 return -1;
79 }
80
81 return 0;
82}
83
84/**
85 * Build and append a HIP CHALLENGE_RESPONSE to the message.
86 *
87 * @param msg the message where the CHALLENGE_RESPONSE is appended
88 * @param request the received CHALLENGE_REQUEST parameter for this response
89 * @param solution the solution for the puzzle in the CHALLENGE_REQUEST
90 *
91 * @return zero for success, or negative value on error
92 */
93int hip_build_param_challenge_response(struct hip_common *const msg,
94 const struct hip_challenge_request *const request,
95 const uint8_t solution[PUZZLE_LENGTH])
96{
97 struct hip_challenge_response response;
98 static const size_t min_length = sizeof(response) -
99 sizeof(response.tlv) -
100 sizeof(response.opaque);
101
102 if (!request || !solution) {
103 HIP_ERROR("Unexpected input parameter values (NULL).\n");
104 return -1;
105 }
106
107 const int opaque_len = hip_challenge_request_opaque_len(request);
108
109 /* note: the length cannot be calculated with calc_param_len() */
110 hip_set_param_contents_len(&response.tlv, min_length + opaque_len);
111 hip_set_param_type(&response.tlv, HIP_PARAM_CHALLENGE_RESPONSE);
112
113 memcpy(response.J, solution, PUZZLE_LENGTH);
114 response.K = request->K;
115 response.lifetime = request->lifetime;
116 memcpy(response.opaque, request->opaque, opaque_len);
117
118 if (hip_build_param(msg, &response)) {
119 HIP_ERROR("failed to build parameter\n");
120 return -1;
121 }
122
123 return 0;
124}
125
126/**
127 * Compute length of opaque field in CHALLENGE_REQUEST parameter.
128 *
129 * @param request the CHALLENGE_REQUEST parameter
130 * @return length of the opaque field; 0 in case of error or if length equals 0
131 */
132unsigned int hip_challenge_request_opaque_len(const struct hip_challenge_request *const request)
133{
134 if (!request) {
135 return 0;
136 }
137
138 static const size_t min_len = sizeof(*request) -
139 sizeof(request->tlv) -
140 sizeof(request->opaque);
141
142 return hip_get_param_contents_len(&request->tlv) - min_len;
143}
144
145/**
146 * Convert the opaque value in the CHALLENGE_REQUEST to the seed value I of a
147 * HIP puzzle.
148 *
149 * The opaque value plays a dual role in a CHALLENGE_REQUEST:
150 * i) it is a challenge that needs to be echoed back by the responder and
151 * ii) it is used to derive the seed value for a cryptographic puzzle. The
152 * puzzle is defined in RFC5201.
153 *
154 * @param opaque the nonce (challenge) in the CHALLENGE_REQUEST
155 * @param opaque_len the length of the nonce
156 * @param puzzle_value the puzzle value generated from the nonce
157 * @return zero on success, -1 in case of an error
158 */
159int hip_midauth_puzzle_seed(const uint8_t opaque[],
160 const unsigned int opaque_len,
161 uint8_t puzzle_value[PUZZLE_LENGTH])
162{
163 unsigned char sha_digest[SHA_DIGEST_LENGTH];
164
165 HIP_ASSERT(puzzle_value != NULL);
166
167 // the hashed opaque field is used as puzzle seed
168 if (hip_build_digest(HIP_DIGEST_SHA1,
169 opaque,
170 opaque_len,
171 sha_digest)) {
172 HIP_ERROR("Building of SHA1 random seed I failed\n");
173 return -1;
174 }
175
176 memcpy(puzzle_value,
177 &sha_digest[SHA_DIGEST_LENGTH - PUZZLE_LENGTH],
178 PUZZLE_LENGTH);
179
180 return 0;
181}
0182
=== added file 'modules/midauth/lib/midauth_builder.h'
--- modules/midauth/lib/midauth_builder.h 1970-01-01 00:00:00 +0000
+++ modules/midauth/lib/midauth_builder.h 2011-08-09 11:19:24 +0000
@@ -0,0 +1,79 @@
1/*
2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * This file contains parameter handling functionality for the middlebox
29 * authentication extension.
30 *
31 * @author Rene Hummen
32 * @author Christof Mroz <christof.mroz@rwth-aachen.de>
33 */
34
35#ifndef MODULES_MIDAUTH_HIPD_MIDAUTH_BUILDER_H
36#define MODULES_MIDAUTH_HIPD_MIDAUTH_BUILDER_H
37
38#include <stdint.h>
39
40#include "lib/core/builder.h"
41#include "lib/core/protodefs.h"
42
43
44#define MAX_CHALLENGE_LENGTH 256
45
46
47struct hip_challenge_request {
48 struct hip_tlv_common tlv;
49 uint8_t K;
50 uint8_t lifetime;
51 uint8_t opaque[MAX_CHALLENGE_LENGTH]; /**< variable length */
52} __attribute__ ((packed));
53
54struct hip_challenge_response {
55 struct hip_tlv_common tlv;
56 uint8_t K;
57 uint8_t lifetime;
58 uint8_t J[PUZZLE_LENGTH];
59 uint8_t opaque[MAX_CHALLENGE_LENGTH]; /**< variable length */
60} __attribute__ ((packed));
61
62
63int hip_build_param_challenge_request(struct hip_common *const msg,
64 const uint8_t difficulty,
65 const uint8_t lifetime,
66 const uint8_t *opaque,
67 const uint8_t opaque_len);
68
69int hip_build_param_challenge_response(struct hip_common *const msg,
70 const struct hip_challenge_request *const request,
71 const uint8_t *const solution);
72
73unsigned int hip_challenge_request_opaque_len(const struct hip_challenge_request *const request);
74
75int hip_midauth_puzzle_seed(const uint8_t *const opaque,
76 const unsigned int opaque_len,
77 uint8_t *const puzzle_value);
78
79#endif /* MODULES_MIDAUTH_HIPD_MIDAUTH_BUILDER_H */
080
=== added file 'modules/midauth/module_info.xml'
--- modules/midauth/module_info.xml 1970-01-01 00:00:00 +0000
+++ modules/midauth/module_info.xml 2011-08-09 11:19:24 +0000
@@ -0,0 +1,47 @@
1<!--
2Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3
4Permission is hereby granted, free of charge, to any person
5obtaining a copy of this software and associated documentation
6files (the "Software"), to deal in the Software without
7restriction, including without limitation the rights to use,
8copy, modify, merge, publish, distribute, sublicense, and/or sell
9copies of the Software, and to permit persons to whom the
10Software is furnished to do so, subject to the following
11conditions:
12
13The above copyright notice and this permission notice shall be
14included in all copies or substantial portions of the Software.
15
16THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23OTHER DEALINGS IN THE SOFTWARE.
24-->
25
26<?xml version="1.0" encoding="UTF-8"?>
27
28<!-- Mandatory: name, version -->
29<module
30 name="midauth"
31 version="0.0.1"
32 description="Middlebox authentication functionality for the hip daemon."
33 developer=""
34 bugaddress="hipl-users@freelists.org"
35 webpage="http://infrahip.hiit.fi/">
36
37 <requires>
38 <module name="update" minversion="0.0.1" />
39 </requires>
40
41 <!-- Mandatory: name, header_file, init_function -->
42 <application
43 name="hipd"
44 header_file="modules/midauth/hipd/midauth.h"
45 init_function="hip_midauth_init" />
46</module>
47
048
=== added file 'test/check_modules_midauth.c'
--- test/check_modules_midauth.c 1970-01-01 00:00:00 +0000
+++ test/check_modules_midauth.c 2011-08-09 11:19:24 +0000
@@ -0,0 +1,46 @@
1/*
2 * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * @brief Unit tests of modules/midauth (see doc/HACKING on unit tests).
29 */
30
31#include <stdlib.h>
32#include <check.h>
33
34#include "test/modules/midauth/test_suites.h"
35
36int main(void)
37{
38 int number_failed;
39 SRunner *sr = srunner_create(modules_midauth_lib_builder());
40 srunner_add_suite(sr, modules_midauth_hipd_midauth());
41
42 srunner_run_all(sr, CK_NORMAL);
43 number_failed = srunner_ntests_failed(sr);
44 srunner_free(sr);
45 return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
46}
047
=== added directory 'test/modules'
=== added directory 'test/modules/midauth'
=== added directory 'test/modules/midauth/hipd'
=== added file 'test/modules/midauth/hipd/midauth.c'
--- test/modules/midauth/hipd/midauth.c 1970-01-01 00:00:00 +0000
+++ test/modules/midauth/hipd/midauth.c 2011-08-09 11:19:24 +0000
@@ -0,0 +1,120 @@
1/*
2 * Copyright (c) 2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26#include <check.h>
27#include <stdint.h>
28
29#include "modules/midauth/hipd/midauth.c"
30#include "modules/midauth/lib/midauth_builder.h"
31#include "../test_suites.h"
32
33#define MIDAUTH_DEFAULT_NONCE_LENGTH 18
34
35/* Test where the HIP packet does not contain any CHALLANGE_REQUESTs */
36START_TEST(test_midauth_handle_challenge_request_param_0_CORRECT)
37{
38 struct hip_packet_context ctx = { 0 };
39 const struct hip_challenge_response *response = NULL;
40
41 ctx.input_msg = hip_msg_alloc();
42 ctx.output_msg = hip_msg_alloc();
43
44 fail_unless(handle_challenge_request_param(0, 0, &ctx) == 0, NULL);
45
46 /* NOTE we can only check for the existance of the response parameter here
47 * as the puzzle solution differs for each run. */
48 fail_unless((response = hip_get_param(ctx.output_msg,
49 HIP_PARAM_CHALLENGE_RESPONSE)) == NULL,
50 NULL);
51}
52END_TEST
53
54START_TEST(test_midauth_handle_challenge_request_param_1_CORRECT)
55{
56 const uint8_t opaque1[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
57 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
58 struct hip_packet_context ctx = { 0 };
59 const struct hip_challenge_response *response = NULL;
60
61 ctx.input_msg = hip_msg_alloc();
62 ctx.output_msg = hip_msg_alloc();
63
64 fail_unless(hip_build_param_challenge_request(ctx.input_msg, 0, 0, opaque1,
65 MIDAUTH_DEFAULT_NONCE_LENGTH) ==
66 0, NULL);
67 fail_unless(handle_challenge_request_param(0, 0, &ctx) == 0, NULL);
68
69 /* NOTE we can only check for the existance of the response parameter here
70 * as the puzzle solution differs for each run. */
71 fail_unless((response = hip_get_param(ctx.output_msg,
72 HIP_PARAM_CHALLENGE_RESPONSE)) != NULL,
73 NULL);
74}
75END_TEST
76
77START_TEST(test_midauth_handle_challenge_request_param_2_CORRECT)
78{
79 const uint8_t opaque1[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
80 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
81 const uint8_t opaque2[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
82 "\x02\x42\x02\x15\x06\x08\x49\x50\x0d";
83 struct hip_packet_context ctx = { 0 };
84 const struct hip_challenge_response *response = NULL;
85
86 ctx.input_msg = hip_msg_alloc();
87 ctx.output_msg = hip_msg_alloc();
88
89 fail_unless(hip_build_param_challenge_request(ctx.input_msg, 0, 0, opaque1,
90 MIDAUTH_DEFAULT_NONCE_LENGTH) ==
91 0, NULL);
92 fail_unless(hip_build_param_challenge_request(ctx.input_msg, 0, 0, opaque2,
93 MIDAUTH_DEFAULT_NONCE_LENGTH) ==
94 0, NULL);
95 fail_unless(handle_challenge_request_param(0, 0, &ctx) == 0, NULL);
96
97 /* NOTE we can only check for the existance of the response parameter here
98 * as the puzzle solution differs for each run. */
99 fail_unless((response = hip_get_param(ctx.output_msg,
100 HIP_PARAM_CHALLENGE_RESPONSE)) != NULL,
101 NULL);
102 fail_unless(hip_get_next_param(ctx.output_msg,
103 (const struct hip_tlv_common *) response) !=
104 NULL, NULL);
105}
106END_TEST
107
108Suite *modules_midauth_hipd_midauth(void)
109{
110 Suite *s = suite_create("modules/midauth/hipd/midauth");
111 TCase *tc_midauth = tcase_create("Midauth");
112
113 tcase_add_test(tc_midauth, test_midauth_handle_challenge_request_param_0_CORRECT);
114 tcase_add_test(tc_midauth, test_midauth_handle_challenge_request_param_1_CORRECT);
115 tcase_add_test(tc_midauth, test_midauth_handle_challenge_request_param_2_CORRECT);
116
117 suite_add_tcase(s, tc_midauth);
118
119 return s;
120}
0121
=== added directory 'test/modules/midauth/lib'
=== added file 'test/modules/midauth/lib/midauth_builder.c'
--- test/modules/midauth/lib/midauth_builder.c 1970-01-01 00:00:00 +0000
+++ test/modules/midauth/lib/midauth_builder.c 2011-08-09 11:19:24 +0000
@@ -0,0 +1,265 @@
1/*
2 * Copyright (c) 2011 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26#include <check.h>
27#include <stdint.h>
28
29#include "lib/core/protodefs.h"
30#include "modules/midauth/hipd/midauth.h"
31#include "modules/midauth/lib/midauth_builder.h"
32#include "../test_suites.h"
33
34#define MIDAUTH_DEFAULT_NONCE_LENGTH 18
35
36START_TEST(test_midauth_builder_build_param_challenge_request_NULL_msg)
37{
38 const uint8_t opaque[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
39 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
40
41 fail_unless(hip_build_param_challenge_request(NULL, 0, 0, opaque,
42 MIDAUTH_DEFAULT_NONCE_LENGTH) ==
43 -1, NULL);
44}
45END_TEST
46
47#ifdef HAVE_TCASE_ADD_EXIT_TEST
48START_TEST(test_midauth_builder_build_param_challenge_request_NULL_opaque)
49{
50 struct hip_common *const msg = hip_msg_alloc();
51
52 hip_build_param_challenge_request(msg, 0, 0, NULL,
53 MIDAUTH_DEFAULT_NONCE_LENGTH);
54}
55END_TEST
56#endif /* HAVE_TCASE_ADD_EXIT_TEST */
57
58START_TEST(test_midauth_builder_build_param_challenge_request_0_opaque_len)
59{
60 const uint8_t opaque[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
61 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
62 struct hip_common *const msg = hip_msg_alloc();
63
64 fail_unless(hip_build_param_challenge_request(msg, 0, 0, opaque,
65 0) == 0, NULL);
66}
67END_TEST
68
69START_TEST(test_midauth_builder_build_param_challenge_request_CORRECT)
70{
71 const uint8_t opaque[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
72 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
73 const char cmp_challenge_request[] = "\xff\x36\x00\x14\x00\x00\x01\x41\x01"
74 "\x14\x05\x00\x48\x49\x0b\x02\x42\x02"
75 "\x15\x06\x08\x49\x50\x0C";
76 const struct hip_challenge_request *request = NULL;
77 struct hip_common *const msg = hip_msg_alloc();
78
79 fail_unless(hip_build_param_challenge_request(msg, 0, 0, opaque,
80 MIDAUTH_DEFAULT_NONCE_LENGTH) ==
81 0, NULL);
82 fail_unless((request = hip_get_param(msg, HIP_PARAM_CHALLENGE_REQUEST)) != NULL,
83 NULL);
84 fail_unless(memcmp(request, &cmp_challenge_request,
85 hip_get_param_total_len(request)) == 0, NULL);
86}
87END_TEST
88
89START_TEST(test_midauth_builder_build_param_challenge_response_NULL_msg)
90{
91 const char challenge_request[] = "\xff\x36\x00\x14\x00\x00\x01\x41\x01"
92 "\x14\x05\x00\x48\x49\x0b\x02\x42\x02"
93 "\x15\x06\x08\x49\x50\x0C";
94 const uint8_t solution[] = "\x01\x41\x01\x14\x05\x00\x48\x49";
95 const struct hip_challenge_request *request =
96 (const struct hip_challenge_request *) challenge_request;
97
98 fail_unless(hip_build_param_challenge_response(NULL, request, solution) == -1,
99 NULL);
100}
101END_TEST
102
103START_TEST(test_midauth_builder_build_param_challenge_response_NULL_request)
104{
105 const uint8_t solution[] = "\x01\x41\x01\x14\x05\x00\x48\x49";
106 const struct hip_challenge_request *request = NULL;
107 struct hip_common *const msg = hip_msg_alloc();
108
109 fail_unless(hip_build_param_challenge_response(msg, request, solution) == -1,
110 NULL);
111}
112END_TEST
113
114START_TEST(test_midauth_builder_build_param_challenge_response_NULL_solution)
115{
116 const char challenge_request[] = "\xff\x36\x00\x14\x00\x00\x01\x41\x01"
117 "\x14\x05\x00\x48\x49\x0b\x02\x42\x02"
118 "\x15\x06\x08\x49\x50\x0C";
119 const struct hip_challenge_request *request =
120 (const struct hip_challenge_request *) challenge_request;
121 struct hip_common *const msg = hip_msg_alloc();
122
123 fail_unless(hip_build_param_challenge_response(msg, request, NULL) == -1,
124 NULL);
125}
126END_TEST
127
128START_TEST(test_midauth_builder_build_param_challenge_response_CORRECT)
129{
130 const char challenge_request[] = "\xff\x36\x00\x14\x00\x00\x01\x41\x01"
131 "\x14\x05\x00\x48\x49\x0b\x02\x42\x02"
132 "\x15\x06\x08\x49\x50\x0C";
133 const char cmp_challenge_response[] = "\x01\x42\x00\x1C\x00\x00\x01\x41\x01"
134 "\x14\x05\x00\x48\x49\x01\x41\x01\x14"
135 "\x05\x00\x48\x49\x0b\x02\x42\x02\x15"
136 "\x06\x08\x49\x50\x0c";
137 const uint8_t solution[] = "\x01\x41\x01\x14\x05\x00\x48\x49";
138 const struct hip_challenge_request *request =
139 (const struct hip_challenge_request *) challenge_request;
140 const struct hip_challenge_response *response = NULL;
141 struct hip_common *const msg = hip_msg_alloc();
142
143 fail_unless(hip_build_param_challenge_response(msg, request, solution) == 0,
144 NULL);
145 fail_unless((response = hip_get_param(msg, HIP_PARAM_CHALLENGE_RESPONSE)) != NULL,
146 NULL);
147 fail_unless(memcmp(response, &cmp_challenge_response,
148 hip_get_param_total_len(response)) == 0, NULL);
149}
150END_TEST
151
152START_TEST(test_midauth_builder_challenge_request_opaque_len_NULL)
153{
154 fail_unless(hip_challenge_request_opaque_len(NULL) == 0, NULL);
155}
156END_TEST
157
158START_TEST(test_midauth_builder_challenge_request_opaque_len_CORRECT)
159{
160 const uint8_t opaque[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
161 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
162 const struct hip_challenge_request *request = NULL;
163 struct hip_common *const msg = hip_msg_alloc();
164
165 fail_unless(hip_build_param_challenge_request(msg, 0, 0, opaque,
166 MIDAUTH_DEFAULT_NONCE_LENGTH) ==
167 0, NULL);
168 fail_unless((request = hip_get_param(msg, HIP_PARAM_CHALLENGE_REQUEST)) != NULL,
169 NULL);
170 fail_unless(hip_challenge_request_opaque_len(request) ==
171 MIDAUTH_DEFAULT_NONCE_LENGTH, NULL);
172}
173END_TEST
174
175#ifdef HAVE_TCASE_ADD_EXIT_TEST
176START_TEST(test_midauth_builder_puzzle_seed_NULL_opaque)
177{
178 const uint8_t *const opaque = NULL;
179 uint8_t puzzle_value[PUZZLE_LENGTH];
180
181 hip_midauth_puzzle_seed(opaque, MIDAUTH_DEFAULT_NONCE_LENGTH, puzzle_value);
182}
183END_TEST
184
185START_TEST(test_midauth_builder_puzzle_seed_NULL_puzzle_value)
186{
187 const uint8_t opaque[] = "\x01\x41\x00\x14\x05\x00\x48\x49\x0b";
188
189 hip_midauth_puzzle_seed(opaque,
190 MIDAUTH_DEFAULT_NONCE_LENGTH,
191 NULL);
192}
193END_TEST
194#endif /* HAVE_TCASE_ADD_EXIT_TEST */
195
196START_TEST(test_midauth_builder_puzzle_seed_0_opaque_len)
197{
198 const uint8_t opaque[] = "\x01\x41\x00\x14\x05\x00\x48\x49\x0b";
199 uint8_t puzzle_value[PUZZLE_LENGTH];
200
201 fail_unless(hip_midauth_puzzle_seed(opaque,
202 0,
203 puzzle_value) == -1, NULL);
204}
205END_TEST
206
207START_TEST(test_midauth_builder_puzzle_seed_CORRECT)
208{
209 const uint8_t opaque[] = "\x01\x41\x01\x14\x05\x00\x48\x49\x0b"
210 "\x02\x42\x02\x15\x06\x08\x49\x50\x0c";
211 uint8_t puzzle_value[PUZZLE_LENGTH];
212 uint8_t correct_puzzle_value[] = "\x43\x03\x8F\xD7\x2F\xC7\xD2\xF3";
213
214 fail_unless(hip_midauth_puzzle_seed(opaque,
215 MIDAUTH_DEFAULT_NONCE_LENGTH,
216 puzzle_value) == 0, NULL);
217 fail_unless(memcmp(correct_puzzle_value, puzzle_value, PUZZLE_LENGTH) == 0,
218 NULL);
219}
220END_TEST
221
222Suite *modules_midauth_lib_builder(void)
223{
224 Suite *s = suite_create("modules/midauth/lib/midauth_builder");
225 TCase *tc_midauth_builder = tcase_create("Midauth_builder");
226
227 tcase_add_test(tc_midauth_builder,
228 test_midauth_builder_build_param_challenge_request_NULL_msg);
229// the tcase_add_exit_test macro is only available in check 0.9.8 or later but
230// scratchbox uses an older version of checkc so we try to avoid this macro
231#ifdef HAVE_TCASE_ADD_EXIT_TEST
232 tcase_add_exit_test(tc_midauth_builder,
233 test_midauth_builder_build_param_challenge_request_NULL_opaque,
234 1);
235#endif
236 tcase_add_test(tc_midauth_builder,
237 test_midauth_builder_build_param_challenge_request_0_opaque_len);
238 tcase_add_test(tc_midauth_builder,
239 test_midauth_builder_build_param_challenge_request_CORRECT);
240 tcase_add_test(tc_midauth_builder,
241 test_midauth_builder_build_param_challenge_response_NULL_msg);
242 tcase_add_test(tc_midauth_builder,
243 test_midauth_builder_build_param_challenge_response_NULL_request);
244 tcase_add_test(tc_midauth_builder,
245 test_midauth_builder_build_param_challenge_response_NULL_solution);
246 tcase_add_test(tc_midauth_builder,
247 test_midauth_builder_build_param_challenge_response_CORRECT);
248 tcase_add_test(tc_midauth_builder,
249 test_midauth_builder_challenge_request_opaque_len_NULL);
250 tcase_add_test(tc_midauth_builder,
251 test_midauth_builder_challenge_request_opaque_len_CORRECT);
252
253#ifdef HAVE_TCASE_ADD_EXIT_TEST
254 tcase_add_exit_test(tc_midauth_builder,
255 test_midauth_builder_puzzle_seed_NULL_opaque, 1);
256 tcase_add_exit_test(tc_midauth_builder,
257 test_midauth_builder_puzzle_seed_NULL_puzzle_value, 1);
258#endif
259 tcase_add_test(tc_midauth_builder, test_midauth_builder_puzzle_seed_0_opaque_len);
260 tcase_add_test(tc_midauth_builder, test_midauth_builder_puzzle_seed_CORRECT);
261
262 suite_add_tcase(s, tc_midauth_builder);
263
264 return s;
265}
0266
=== added file 'test/modules/midauth/test_suites.h'
--- test/modules/midauth/test_suites.h 1970-01-01 00:00:00 +0000
+++ test/modules/midauth/test_suites.h 2011-08-09 11:19:24 +0000
@@ -0,0 +1,34 @@
1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26#ifndef HIP_TEST_MODULES_MIDAUTH_TEST_SUITES_H
27#define HIP_TEST_MODULES_MIDAUTH_TEST_SUITES_H
28
29#include <check.h>
30
31Suite *modules_midauth_lib_builder(void);
32Suite *modules_midauth_hipd_midauth(void);
33
34#endif /* HIP_TEST_MODULES_MIDAUTH_TEST_SUITES_H */

Subscribers

People subscribed via source and target branches

to all changes: